Commit ef71fd73 authored by Vincent Pelletier's avatar Vincent Pelletier

Add a test for edit method security.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@20919 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent ecfaa9d1
...@@ -34,6 +34,8 @@ from Products.CMFCore.tests.base.testcase import LogInterceptor ...@@ -34,6 +34,8 @@ from Products.CMFCore.tests.base.testcase import LogInterceptor
from Products.ERP5Type.tests.utils import createZODBPythonScript from Products.ERP5Type.tests.utils import createZODBPythonScript
from Products.ERP5Type.ERP5Type import ERP5TypeInformation from Products.ERP5Type.ERP5Type import ERP5TypeInformation
from Products.ERP5Type.Cache import clearCache from Products.ERP5Type.Cache import clearCache
from AccessControl.ZopeGuards import guarded_apply, guarded_getattr
from zExceptions import Unauthorized
class TestFolder(ERP5TypeTestCase, LogInterceptor): class TestFolder(ERP5TypeTestCase, LogInterceptor):
...@@ -170,6 +172,17 @@ class TestFolder(ERP5TypeTestCase, LogInterceptor): ...@@ -170,6 +172,17 @@ class TestFolder(ERP5TypeTestCase, LogInterceptor):
self.assertRaises(ValueError, self.folder.newContent, self.assertRaises(ValueError, self.folder.newContent,
portal_type='Category') portal_type='Category')
def test_editWithoutModifyPortalContent(self):
edit = guarded_getattr(self.folder, 'edit')
guarded_apply(edit, title='foo')
self.assertEqual(self.folder.title, 'foo')
original_permission_list = self.folder.permission_settings('Modify portal content')
assert len(original_permission_list) == 1
self.folder.manage_permission('Modify portal content', [], 0)
self.assertRaises(Unauthorized, guarded_getattr, self.folder, 'edit')
# Reset to original permissions
self.folder.manage_permission('Modify portal content', original_permission_list[0]['roles'], original_permission_list[0]['acquire'])
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestFolder)) suite.addTest(unittest.makeSuite(TestFolder))
......
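Review bot: The permission reset at the end of `test_editWithoutModifyPortalContent` only runs when `assertRaises(Unauthorized, ...)` passes, so a failing security check leaves 'Modify portal content' revoked on `self.folder` for whatever runs next against the same fixture. The revoke/assert/restore sequence belongs in `try`/`finally`. The bare `assert len(original_permission_list) == 1` is stripped under `python -O` and should be `self.assertEqual(len(original_permission_list), 1)`. It is also worth confirming that `permission_settings(...)[0]['roles']` holds role names in the form `manage_permission` expects, because the test never checks that the reset re-grants access; a second guarded `edit` after the reset would cover that.

```python
  def test_editWithoutModifyPortalContent(self):
    # … unchanged: guarded edit call and title assertion …
    original_permission_list = self.folder.permission_settings('Modify portal content')
    self.assertEqual(len(original_permission_list), 1)
    original = original_permission_list[0]
    self.folder.manage_permission('Modify portal content', [], 0)
    try:
      self.assertRaises(Unauthorized, guarded_getattr, self.folder, 'edit')
    finally:
      # Reset to original permissions even when the assertion above fails
      self.folder.manage_permission('Modify portal content',
                                    original['roles'], original['acquire'])
```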